NDPMon is monitoring software for IPv6 Neighbor Discovery. It logs activity to syslog and reports malicious ND messages by email.
It uses libpcap to listen for icmp6 packets and libxml2 to work with its configuration and neighbor cache files.
The -i flag changes the interface from the default, eth0.
The -f flag changes the path of the configuration file. The default is
The -e flag changes the path to the DTD file for the configuration file. The default is
The -n flag tells libpcap to capture only a limited number of packets.
The -F flag changes the default icmp6 filter.
The -L flag disables syslog and mail reports. It is used to run a learning phase and build the neighbor cache.
The -v flag enables DEBUG mode.
The -d flag changes the path to the DTD file for the neighbor cache. The default is
The -g flag changes the path to the neighbor cache. The default is
Note that an empty neighbor_cache.xml file must be created before the first time you run
NDPMon must be run with root rights to work.